Pyro4:在不尝试 return 子对象的情况下调用远程子对象的方法
Pyro4: Call method on remote sub-object without it trying to return the sub-object
假设我有一个对象是另一个对象的 属性。
import Pyro4
@Pyro4.expose
class ClassB:
def foo(self):
return 'Hello from ClassB::foo()'
@Pyro4.expose
class ClassA:
def __init__(self):
self._b = ClassB()
def foo(self):
return 'Hello from ClassA::foo()'
@property
def b(self):
return self._b
if __name__ == '__main__':
daemon = Pyro4.Daemon(host='localhost')
ns = Pyro4.locateNS(host='localhost', port=9090)
ns.register('ClassA', daemon.register(ClassA))
daemon.requestLoop()
在本地机器上,我运行这个
import Pyro4
if __name__ == '__main__':
ns = Pyro4.locateNS(host='localhost', port=9090)
uri = ns.lookup('ClassA')
a = Pyro4.Proxy(uri)
print(a.foo())
print(a.b.foo()) # Fails here
当我尝试调用 a.b.foo 时,它试图序列化 a.b 并在本地调用 foo,但我想在远程 ClassA 上已经存在的 ClassB 实例上调用 foo实例.
当然,我可以向 ClassA 添加一个委托给 b.foo() 的方法,例如
def classA:
# ...
def foo_on_b(self):
return self._b.foo()
但我不想那样做。
这是设计使然,这是不可能的。这是一个安全漏洞。
https://pyro4.readthedocs.io/en/stable/security.html#dotted-names-object-traversal
设法像这样破解它。
remote.py
import Pyro4
class C:
def __init__(self):
self.val = 123
class B:
def __init__(self):
self.c = C()
class A:
def __init__(self):
self.b = B()
def getattr_r(obj, *attrs):
return getattr_r(getattr(obj, attrs[0]), *attrs[1:]) if attrs else obj
class ClassC:
def foo(self, x, y):
return 'Hello from ClassC::foo()! {} + {} = {}'.format(x, y, x + y)
class ClassB:
def __init__(self):
self.c = ClassC()
def foo(self, x, y):
return 'Hello from ClassB::foo()! {} + {} = {}'.format(x, y, x + y)
@Pyro4.expose
class ClassA:
def __init__(self):
self.b = ClassB()
def foo(self, x, y):
return 'Hello from ClassA::foo()! {} + {} = {}'.format(x, y, x + y)
def invoke_on_subobj(self, obj_chain, *args, **kwargs):
return getattr_r(self, *obj_chain)(*args, **kwargs)
if __name__ == '__main__':
daemon = Pyro4.Daemon(host='localhost')
ns = Pyro4.locateNS(host='localhost', port=9090)
ns.register('ClassA', daemon.register(ClassA))
daemon.requestLoop()
local.py
import Pyro4
class ObjTraversableProxy:
def __init__(self, proxy, bound_attrs=[]):
self._proxy = proxy
self._bound_attrs = bound_attrs
def __getattr__(self, attr):
return ObjTraversableProxy(self._proxy, self._bound_attrs + [attr])
def __call__(self, *args, **kwargs):
if len(self._bound_attrs) > 1:
return self._proxy.invoke_on_subobj(self._bound_attrs, *args, **kwargs)
else:
return getattr(self._proxy, self._bound_attrs[0])(*args, **kwargs)
if __name__ == '__main__':
ns = Pyro4.locateNS(host='localhost', port=9090)
uri = ns.lookup('ClassA')
a = ObjTraversableProxy(Pyro4.Proxy(uri))
print(a.foo(3, 4))
print(a.b.foo(5, 6))
print(a.b.c.foo(6, 7))
结果
Hello from ClassA::foo()! 3 + 4 = 7
Hello from ClassB::foo()! 5 + 6 = 11
Hello from ClassC::foo()! 6 + 7 = 13
假设我有一个对象是另一个对象的 属性。
import Pyro4
@Pyro4.expose
class ClassB:
def foo(self):
return 'Hello from ClassB::foo()'
@Pyro4.expose
class ClassA:
def __init__(self):
self._b = ClassB()
def foo(self):
return 'Hello from ClassA::foo()'
@property
def b(self):
return self._b
if __name__ == '__main__':
daemon = Pyro4.Daemon(host='localhost')
ns = Pyro4.locateNS(host='localhost', port=9090)
ns.register('ClassA', daemon.register(ClassA))
daemon.requestLoop()
在本地机器上,我运行这个
import Pyro4
if __name__ == '__main__':
ns = Pyro4.locateNS(host='localhost', port=9090)
uri = ns.lookup('ClassA')
a = Pyro4.Proxy(uri)
print(a.foo())
print(a.b.foo()) # Fails here
当我尝试调用 a.b.foo 时,它试图序列化 a.b 并在本地调用 foo,但我想在远程 ClassA 上已经存在的 ClassB 实例上调用 foo实例.
当然,我可以向 ClassA 添加一个委托给 b.foo() 的方法,例如
def classA:
# ...
def foo_on_b(self):
return self._b.foo()
但我不想那样做。
这是设计使然,这是不可能的。这是一个安全漏洞。 https://pyro4.readthedocs.io/en/stable/security.html#dotted-names-object-traversal
设法像这样破解它。
remote.py
import Pyro4
class C:
def __init__(self):
self.val = 123
class B:
def __init__(self):
self.c = C()
class A:
def __init__(self):
self.b = B()
def getattr_r(obj, *attrs):
return getattr_r(getattr(obj, attrs[0]), *attrs[1:]) if attrs else obj
class ClassC:
def foo(self, x, y):
return 'Hello from ClassC::foo()! {} + {} = {}'.format(x, y, x + y)
class ClassB:
def __init__(self):
self.c = ClassC()
def foo(self, x, y):
return 'Hello from ClassB::foo()! {} + {} = {}'.format(x, y, x + y)
@Pyro4.expose
class ClassA:
def __init__(self):
self.b = ClassB()
def foo(self, x, y):
return 'Hello from ClassA::foo()! {} + {} = {}'.format(x, y, x + y)
def invoke_on_subobj(self, obj_chain, *args, **kwargs):
return getattr_r(self, *obj_chain)(*args, **kwargs)
if __name__ == '__main__':
daemon = Pyro4.Daemon(host='localhost')
ns = Pyro4.locateNS(host='localhost', port=9090)
ns.register('ClassA', daemon.register(ClassA))
daemon.requestLoop()
local.py
import Pyro4
class ObjTraversableProxy:
def __init__(self, proxy, bound_attrs=[]):
self._proxy = proxy
self._bound_attrs = bound_attrs
def __getattr__(self, attr):
return ObjTraversableProxy(self._proxy, self._bound_attrs + [attr])
def __call__(self, *args, **kwargs):
if len(self._bound_attrs) > 1:
return self._proxy.invoke_on_subobj(self._bound_attrs, *args, **kwargs)
else:
return getattr(self._proxy, self._bound_attrs[0])(*args, **kwargs)
if __name__ == '__main__':
ns = Pyro4.locateNS(host='localhost', port=9090)
uri = ns.lookup('ClassA')
a = ObjTraversableProxy(Pyro4.Proxy(uri))
print(a.foo(3, 4))
print(a.b.foo(5, 6))
print(a.b.c.foo(6, 7))
结果
Hello from ClassA::foo()! 3 + 4 = 7
Hello from ClassB::foo()! 5 + 6 = 11
Hello from ClassC::foo()! 6 + 7 = 13